CVE-2004-1370
published 2004-08-04CVE-2004-1370: Multiple SQL injection vulnerabilities in PL/SQL procedures that run with definer rights in Oracle 9i and 10g allow remote attackers to execute arbitrary SQL…
high7.5CVSS 3.1
AVNACLAuNCPIPAP
Multiple SQL injection vulnerabilities in PL/SQL procedures that run with definer rights in Oracle 9i and 10g allow remote attackers to execute arbitrary SQL commands and gain privileges via (1) DBMS_EXPORT_EXTENSION, (2) WK_ACL.GET_ACL, (3) WK_ACL.STORE_ACL, (4) WK_ADM.COMPLETE_ACL_SNAPSHOT, (5) WK_ACL.DELETE_ACLS_WITH_STATEMENT, or (6) DRILOAD.VALIDATE_STMT.
Affected
86 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| oracle | application_server | — | — |
| oracle | application_server | — | — |
| oracle | application_server | — | — |
| oracle | application_server | — | — |
| oracle | application_server | — | — |
| oracle | application_server | — | — |
| oracle | application_server | — | — |
| oracle | application_server | — | — |
| oracle | application_server | — | — |
| oracle | application_server | — | — |
| oracle | application_server | — | — |
| oracle | collaboration_suite | — | — |
| oracle | e-business_suite | — | — |
| oracle | e-business_suite | — | — |
| oracle | e-business_suite | — | — |
| oracle | e-business_suite | — | — |
| oracle | e-business_suite | — | — |
| oracle | e-business_suite | — | — |
| oracle | e-business_suite | — | — |
| oracle | e-business_suite | — | — |
| oracle | e-business_suite | — | — |
| oracle | enterprise_manager | — | — |
| oracle | enterprise_manager | — | — |
| oracle | enterprise_manager_database_control | — | — |
| oracle | enterprise_manager_grid_control | — | — |